librpc: Remove user/domain from struct pipe_auth_data

This does require that we always fill in the gensec pointer, but the
simplification is worth the extra allocations.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

4 files changed, 49 insertions, 32 deletions

diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
index 9d0f86156e..f75dd8417b 100644
--- a/source3/librpc/rpc/dcerpc.h
+++ b/source3/librpc/rpc/dcerpc.h
@@ -45,9 +45,7 @@ struct pipe_auth_data {
 
 	void *auth_ctx;
 
-	/* Only the client code uses these 3 for now */
-	char *domain;
-	char *user_name;
+	/* Only the client code uses this for now */
 	DATA_BLOB transport_session_key;
 };
 
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index ce247ff537..d3a075f28d 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2289,6 +2289,8 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
 			       struct pipe_auth_data **presult)
 {
 	struct pipe_auth_data *result;
+	struct auth_generic_state *auth_generic_ctx;
+	NTSTATUS status;
 
 	result = talloc_zero(mem_ctx, struct pipe_auth_data);
 	if (result == NULL) {
@@ -2298,13 +2300,38 @@ NTSTATUS rpccli_anon_bind_data(TALLOC_CTX *mem_ctx,
 	result->auth_type = DCERPC_AUTH_TYPE_NONE;
 	result->auth_level = DCERPC_AUTH_LEVEL_NONE;
 
-	result->user_name = talloc_strdup(result, "");
-	result->domain = talloc_strdup(result, "");
-	if ((result->user_name == NULL) || (result->domain == NULL)) {
-		TALLOC_FREE(result);
-		return NT_STATUS_NO_MEMORY;
+	status = auth_generic_client_prepare(result,
+					     &auth_generic_ctx);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to create auth_generic context: %s\n",
+			  nt_errstr(status)));
+	}
+
+	status = auth_generic_set_username(auth_generic_ctx, "");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set username: %s\n",
+			  nt_errstr(status)));
+	}
+
+	status = auth_generic_set_domain(auth_generic_ctx, "");
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set domain: %s\n",
+			  nt_errstr(status)));
+		return status;
 	}
 
+	status = gensec_set_credentials(auth_generic_ctx->gensec_security,
+					auth_generic_ctx->credentials);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+			  nt_errstr(status)));
+		return status;
+	}
+	talloc_unlink(auth_generic_ctx, auth_generic_ctx->credentials);
+	auth_generic_ctx->credentials = NULL;
+
+	result->auth_ctx = talloc_move(result, &auth_generic_ctx->gensec_security);
+	talloc_free(auth_generic_ctx);
 	*presult = result;
 	return NT_STATUS_OK;
 }
@@ -2333,13 +2360,6 @@ static NTSTATUS rpccli_generic_bind_data(TALLOC_CTX *mem_ctx,
 	result->auth_type = auth_type;
 	result->auth_level = auth_level;
 
-	result->user_name = talloc_strdup(result, username);
-	result->domain = talloc_strdup(result, domain);
-	if ((result->user_name == NULL) || (result->domain == NULL)) {
-		status = NT_STATUS_NO_MEMORY;
-		goto fail;
-	}
-
 	status = auth_generic_client_prepare(result,
 					     &auth_generic_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -2867,18 +2887,6 @@ NTSTATUS cli_rpc_pipe_open_noauth_transport(struct cli_state *cli,
 	 * from the enclosing SMB creds
 	 */
 
-	TALLOC_FREE(auth->user_name);
-	TALLOC_FREE(auth->domain);
-
-	auth->user_name = talloc_strdup(auth, cli->user_name);
-	auth->domain = talloc_strdup(auth, cli->domain);
-
-	if ((cli->user_name != NULL && auth->user_name == NULL)
-	    || (cli->domain != NULL && auth->domain == NULL)) {
-		TALLOC_FREE(result);
-		return NT_STATUS_NO_MEMORY;
-	}
-
 	if (transport == NCACN_NP) {
 		struct smbXcli_session *session;
 
diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
index 1a8903d82a..f262d888d1 100644
--- a/source3/rpc_client/cli_spoolss.c
+++ b/source3/rpc_client/cli_spoolss.c
@@ -26,6 +26,8 @@
 #include "rpc_client/rpc_client.h"
 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
 #include "rpc_client/cli_spoolss.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
 
 /**********************************************************************
  convencience wrapper around rpccli_spoolss_OpenPrinterEx
@@ -43,13 +45,14 @@ WERROR rpccli_spoolss_openprinter_ex(struct rpc_pipe_client *cli,
 	struct spoolss_UserLevelCtr userlevel_ctr;
 	struct spoolss_UserLevel1 level1;
 	struct dcerpc_binding_handle *b = cli->binding_handle;
+	struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx);
 
 	ZERO_STRUCT(devmode_ctr);
 
 	level1.size	= 28;
 	level1.client	= talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
 	W_ERROR_HAVE_NO_MEMORY(level1.client);
-	level1.user	= cli->auth->user_name;
+	level1.user	= cli_credentials_get_username(creds);
 	level1.build	= 1381;
 	level1.major	= 2;
 	level1.minor	= 0;
@@ -221,6 +224,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli,
 	struct spoolss_UserLevel1 level1;
 	struct policy_handle handle;
 	struct dcerpc_binding_handle *b = cli->binding_handle;
+	struct cli_credentials *creds = gensec_get_credentials(cli->auth->auth_ctx);
 
 	ZERO_STRUCT(devmode_ctr);
 	ZERO_STRUCT(secdesc_ctr);
@@ -232,7 +236,7 @@ WERROR rpccli_spoolss_addprinterex(struct rpc_pipe_client *cli,
 	level1.processor	= 0;
 	level1.client		= talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name());
 	W_ERROR_HAVE_NO_MEMORY(level1.client);
-	level1.user		= cli->auth->user_name;
+	level1.user	        = cli_credentials_get_username(creds);
 
 	userlevel_ctr.level = 1;
 	userlevel_ctr.user_info.level1 = &level1;
diff --git a/source3/utils/net_rpc_printer.c b/source3/utils/net_rpc_printer.c
index f5247b2935..8b5ea617a2 100644
--- a/source3/utils/net_rpc_printer.c
+++ b/source3/utils/net_rpc_printer.c
@@ -29,6 +29,8 @@
 #include "../libcli/registry/util_reg.h"
 #include "libsmb/libsmb.h"
 #include "../libcli/smb/smbXcli_base.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
 
 /* support itanium as well */
 static const struct print_architecture_table_node archi_table[]= {
@@ -1120,6 +1122,7 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
 {
 	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
 	struct policy_handle hnd;
+	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
 	WERROR werr;
 
 	/* no arguments given, enumerate all printers */
@@ -1136,7 +1139,7 @@ static bool get_printer_info(struct rpc_pipe_client *pipe_hnd,
 	/* argument given, get a single printer by name */
 	if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, argv[0],
 					 MAXIMUM_ALLOWED_ACCESS,
-					 pipe_hnd->auth->user_name,
+					 cli_credentials_get_username(creds),
 					 &hnd))
 		return false;
 
@@ -1315,6 +1318,8 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
 	struct policy_handle hnd = { 0, };
 	WERROR result;
 	const char *action_str;
+	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
+	const char *username = cli_credentials_get_username(creds);
 
 	if (!get_printer_info(pipe_hnd, mem_ctx, 2, argc, argv, &num_printers, &info_enum))
 		return nt_status;
@@ -1330,7 +1335,7 @@ static NTSTATUS rpc_printer_publish_internals_args(struct rpc_pipe_client *pipe_
 
 		/* open printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
-			PRINTER_ALL_ACCESS, pipe_hnd->auth->user_name, &hnd))
+			PRINTER_ALL_ACCESS, username, &hnd))
 			goto done;
 
 		/* check for existing dst printer */
@@ -1912,6 +1917,8 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
 	struct cli_state *cli_share_src = NULL;
 	struct cli_state *cli_share_dst = NULL;
 	const char *drivername = NULL;
+	struct cli_credentials *creds = gensec_get_credentials(pipe_hnd->auth->auth_ctx);
+	const char *username = cli_credentials_get_username(creds);
 	WERROR werr;
 
 	DEBUG(3,("copying printer-drivers\n"));
@@ -1990,7 +1997,7 @@ NTSTATUS rpc_printer_migrate_drivers_internals(struct net_context *c,
 		/* open src printer handle */
 		if (!net_spoolss_open_printer_ex(pipe_hnd, mem_ctx, sharename,
 						 MAXIMUM_ALLOWED_ACCESS,
-						 pipe_hnd->auth->user_name,
+						 username,
 						 &hnd_src))
 			goto done;